Blog Post

Ritelink Blog > News > HOW TO > 5 Tools To Help Protect Yourself From Ransomeware

5 Tools To Help Protect Yourself From Ransomeware

NEW STRAIN of ransomware has spread quickly all over the world, causing crises in National Health Service hospitals and facilities around England, and gaining particular traction in Spain, where it has hobbled the large telecom company Telefonica, the natural gas company Gas Natural, and the electrical company Iberdrola. You know how people always talk about the Big One? As far as ransomware attacksgo, this looks a whole lot like it.
The ransomware strain WannaCry (also known as WanaCrypt0r and WCry) that caused Friday’s barrage appears to be a new variant of a type that first appeared in late March. This new version has only gained steam since its initial barrage, with tens of thousands of infections in 74 countries so far today as of publication time. Its reach extends beyond the UK and Spain, into Russia, Taiwan, France, Japan, and dozens more countries.
One reason WannaCry has proven so vicious? It seems to leverage a Windows vulnerability known as EternalBlue that allegedly originated with the NSA. The exploit was dumped into the wild last month in a trove of alleged NSA tools by the Shadow Brokers hacking group. Microsoft released a patch for the exploit, known as MS17-010, in March, but clearly many organizations haven’t caught up.
“The spread is immense,” says Adam Kujawa, the director of malware intelligence at Malwarebytes, which discovered the original version of WannaCry. “I’ve never seen anything before like this. This is nuts.”

A Bad Batch

Ransomware works by infecting a computer, locking users out of the system (usually by encrypting the data on the hard drive), and then holding the decryption or other release key ransom until the victim pays a fee, usually in bitcoin. In this case, the NHS experienced hobbled computer and phone systems, system failures, and widespread confusion after hospital computers started showing a ransom message demanding $300 worth of bitcoin.
As a result of Friday’s infection, hospitals, doctors’ offices, and other health care institutions in London and Northern England have had to cancel non-urgent services and revert to backup procedures. Multiple emergency rooms around England spread word that patients should avoid coming in if possible. The situation doesn’t appear to have resulted in any unauthorized access to patient data so far.
In England, the National Health Service said that it is rushing to investigate and mitigate the attack, and UK news outlets reported that hospital personnel have been instructed to do things like shut down computers and larger IT network services. Other victims, like Telefonica in Spain, are taking similar precautions, telling employees to shut down infected computers while they wait for instructions about mitigation.
Hospitals make for popular ransomware victims because they have an urgent need to restore service for their patients. They may therefore be more likely to pay criminals to reinstate systems. They also often make for relatively easy targets.
“In healthcare and other sectors we tend to be very slow to address these vulnerabilities,” says Lee Kim, the director of privacy and security at the Healthcare Information and Management Systems Society. “But whoever is behind this is clearly extremely serious.”
WannaCry didn’t go after NHS alone, though. “This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” the NHS said in a statement. “Our focus is on supporting organizations to manage the incident swiftly and decisively.”
In some ways, that makes things worse. WannaCry’s not just coming for hospitals; it’s coming for whatever it can. Which means this’ll get worse—a lot worse—before it gets better.

Wide Range

The NHS portion of the attack has rightly been drawing the most focus, because it puts human lives at risk. But WannaCry could continue to expand its range indefinitely, because it exploits at least one vulnerability that has persisted unprotected on many systems two months after Microsoft released a patch. Adoption is likely better on consumer devices, so Malwarebytes’ Kujawa says that WannaCry is mostly a concern for business infrastructure.
The creators of WannaCry seem to have developed it with broad, long-term reach in mind. In addition to the Windows server vulnerability from Shadow Brokers, MalwareHunter, a researcher with the MalwareHunterTeam analysis group who discovered the second generation of WannaCry, says that “probably there are more” vulnerabilities the ransomware can take advantage of as well. The software can also run in 27 languages—the type of development investment an attacker wouldn’t make if he were simply trying to target one hospital or bank. Or even one country.

The spread is immense. I’ve never seen anything before like this. This is nuts.ADAM KUJAWA, MALWAREBYTES

It’s equally bad on a more micro level. Once WannaCry enters a network, it can spread around to other computers on that same network, a typical trait of ransomware that maximizes the damage to companies and institutions. It’s also unclear so far exactly where the attacks originated, making it harder to remediate on a large scale. Security analysts will eventually be able to use information from victims about how attackers were able to first get in (things like phishing, malvertising, or more personalized targeted attacks) to trace the origins.
While it’s likely too late for those already impacted (the question for them now is whether to pay or not), there is a way to provide at least some protection from WannaCry before it hits: Get that Microsoft update ASAP. Or, since it’s a server-level patch, find the nearest sysadmin who can.
“I would say it’s having so much ‘success’ because people and companies aren’t patching their systems,” MalwareHunter says.
Until they do, expect WannaCry to keep spreading. And make sure you’re ready before the next big ransomware wave hits.
A DEVASTATING GLOBAL cyberattack called WannaCry has alerted millions of people to the dangers of ransomware. Hospitals, utilities, businesses, and more were locked out of their computers, facing payment demands from anonymous hackers. And while it’s too late for over hundreds of thousands of devices across 150 countries that WannaCry hit, there are a few tools you can use to help limit your own risk, both now and going forward.
After all, WannaCry’s hardly the only ransomware out there. Protect yourself now, before the next one hits.
When you buy something using the retail links in our buying guides, we sometimes earn a small affiliate commission.

WD My Passport Hard Drive

Really, any external hard drive backup will do; we just like the WD My Passport for its built-in hardware encryption and three-year warranty. What specific model you go for, though, matters much less than how you use it. The key here? Regularly back up your system, but keep your hard drive disconnected from your desktop. Otherwise, the ransomware will find and encrypt your backup just like it did your main system. 

CrashPlan Data Backup

When you think “cloud backup,” you might think “Dropbox.” Don’t! At least not for these purposes. Dropbox offers a lot of value as a syncing service, keeping your files straight across multiple devices. Handy, but not much help if ransomware hits. Instead, look for a true cloud backup service that backs up and encrypts all of your files in a server far, far away. If a hacker locks up your digital life, a cloud backup means you can just wipe and start over with an uninfected version. CrashPlan gets solid reviews from a range of sites for its ease of use and cost, but competitors like Carbonite and Backblaze offer similar functionality.

Windows 10

Are you on an older version of Windows? Are you even (gasp) still using Windows XP? Please stop that immediately.
In fact, thanks in part to a big release of NSA tools by a hacking group called Shadow Brokers, you should consider
any Windows version other than the very latest a potential risk. You’re past the free Windows 10 upgrade period at
this point, but it’s still worth the investment for the added peace of mind. Just make sure that even once you’re up
to date, you’re downloading each patch as soon as it becomes available.

Bitdefender Internet Security

Anti-virus software gets a bad rap sometimes, and not without reason. It gets its hooks into so many parts
of your computer that if something goes wrong with your AV, your whole system’s at risk. Then again, if
ransomware takes over, you don’t have a system to begin with. There are a lot of fine choices here, but
 Bitdefender stands out for having repeatedly aced real-world protection testing from independent reviewer AV-Comparisons over the last year. And yes, it protects against WannaCry, as would almost any top AV product

An iPhone

Don’t get us wrong, Android phones are wonderful! But ransomware doesn’t just hit desktop computers.
It’s surging on smartphones as well. And while both the iOS App Store and Android’s Google Play do a pretty good
job of keeping malicious apps off your phone, the prevalence of third-party app stores for Android make it a much bigger risk for ransomware infection. An iPhone is your safest bet; just don’t click on any links in spammy text messages.
And if you prefer Android regardless, stick with official downloads only

Leave a comment

Your email address will not be published. Required fields are marked *